API Reference
Packages:
pkg.internal/v1beta1
Resource Types:
Datalab
pkg.internal/v1beta2
Resource Types:
Datalab
A Datalab is a tenant-facing, namespaced composite resource. It defines ownership, membership, and optional file bundles to materialize in the environment.
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | pkg.internal/v1beta2 | true |
| kind | string | Datalab | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the `metadata` field. | true |
| spec | object |
Desired configuration of the datalab. |
true |
| status | object |
Current observed state of the datalab. |
false |
Datalab.spec
Desired configuration of the datalab.
| Name | Type | Description | Required |
|---|---|---|---|
| users | []string |
Users associated with this datalab. Default: [] |
true |
| cacheStores | map[string]object |
Optional cache stores for this datalab, implemented via Redis and managed through the Redis Kubernetes operator. Default: map[] |
false |
| data | object |
Optional settings for the Data component. When enabled, the composition provisions the data service UI and mounts workspace storage into it at /data. Default: map[] |
false |
| databases | map[string]object |
Optional PostgreSQL hosts (PostgresCluster instances) to provision for this datalab. Each host defines a data volume size and a pgBackRest repository size, plus a list of logical PostgreSQL databases to create inside that cluster. Ownership and privileges are derived from spec.users by the Composition. Default: map[] |
false |
| documentStores | map[string]object |
Optional document stores for this datalab, implemented via MongoDB and managed through the MongoDB Kubernetes operator. Default: map[] |
false |
| files | []object |
File bundles to fetch from remote sources and copy into the environment. Supports image, git, and http sources, path filtering, and optional credentials. Default: [] |
false |
| persistence | object |
Optional settings for Datalab-owned session workspace PVCs. Provider Datalab creates a stable PVC per declared session, including stopped sessions, and mounts it as the session home workspace when the runtime is started. Default: map[] |
false |
| quota | object |
Optional per-datalab session quota overrides. If a field is not specified here, the composition falls back to EnvironmentConfig at `spec.defaults.quota`, and then to hard defaults. Effective defaults (when neither XR nor EnvironmentConfig provides a value): memory=2Gi, storage=1Gi, budget=medium. |
false |
| registry | object |
Optional settings for the in-session Docker registry. When enabled, a registry service is added to the session applications. Default: map[] |
false |
| secretName | string |
Name of the Secret containing the credentials to access the storage associated with this Datalab. If omitted, the Datalab name is used. The Secret is read from the namespace configured in EnvironmentConfig.data.storage.secretNamespace, which is usually the same namespace as the Datalab. |
false |
| security | object |
Optional per-datalab session security settings. If a field is not specified here, the composition falls back to EnvironmentConfig at `spec.defaults.security`, and then to hard defaults. Effective defaults (when neither XR nor EnvironmentConfig provides a value): policy=baseline, kubernetesAccess=true, kubernetesRole=edit. When policy is "privileged", Docker is automatically enabled with 20Gi storage. |
false |
| sessions | []object |
Sessions declared for this datalab. Default: [] |
false |
| userOverrides | map[string]object |
Optional per-user override configuration.
Default: map[] |
false |
| vcluster | boolean |
Whether to provision an isolated vcluster for each datalab session. Default: false |
false |
| vectorStores | map[string]object |
Optional vector stores for this datalab, implemented via Qdrant and managed through the Qdrant Kubernetes operator. Default: map[] |
false |
Datalab.spec.cacheStores[key]
| Name | Type | Description | Required |
|---|---|---|---|
| storage | string |
Storage size for Redis persistent data volume as a Kubernetes quantity (e.g., "1Gi", "10Gi"). Effective default: "1Gi". |
true |
Datalab.spec.data
Optional settings for the Data component. When enabled, the composition provisions the data service UI and mounts workspace storage into it at /data.
| Name | Type | Description | Required |
|---|---|---|---|
| enabled | boolean |
Whether to provision the Data component for this Datalab session. Effective default: true. Default: true |
false |
| readOnlyMount | boolean |
Whether the workspace storage should be mounted read-only in the Data component. Effective default: false. Default: false |
false |
Datalab.spec.databases[key]
| Name | Type | Description | Required |
|---|---|---|---|
| backupStorage | string |
Storage size for the pgBackRest repository PVC (backup volume, including WAL archive) as a Kubernetes quantity (e.g., "10Gi", "100Gi"). |
true |
| names | []string |
Logical PostgreSQL database names to create within this host (e.g., "prod", "dev"). |
true |
| storage | string |
Storage size for the PostgreSQL data PVC of this PostgresCluster as a Kubernetes quantity (e.g., "1Gi", "10Gi"). |
true |
Datalab.spec.documentStores[key]
| Name | Type | Description | Required |
|---|---|---|---|
| storage | string |
Storage size for MongoDB persistent data volume as a Kubernetes quantity (e.g., "5Gi", "20Gi"). Effective default: "10Gi". |
true |
Datalab.spec.files[index]
| Name | Type | Description | Required |
|---|---|---|---|
| excludePaths | []string |
Glob patterns to exclude from the source. |
false |
| git | object |
Git repository source configuration. |
false |
| http | object |
HTTP source configuration for downloading an asset or archive. |
false |
| image | object |
Container image source configuration. |
false |
| includePaths | []string |
Glob patterns to include from the source. |
false |
| newRootPath | string |
Subdirectory within the source to treat as the root. |
false |
| path | string |
Destination directory for extracted files. Default: . |
false |
Datalab.spec.files[index].git
Git repository source configuration.
| Name | Type | Description | Required |
|---|---|---|---|
| lfsSkipSmudge | boolean |
If true, do not fetch Git LFS objects. |
false |
| ref | string |
Branch, tag, or commit to fetch. |
false |
| refSelection | object |
Resolve an explicit ref by semver selection. |
false |
| secretRef | object |
Optional credentials for the Git server. |
false |
| url | string |
Git repository URL (HTTPS or SSH). |
false |
| verification | object |
GPG signature verification options. |
false |
Datalab.spec.files[index].git.refSelection
Resolve an explicit ref by semver selection.
| Name | Type | Description | Required |
|---|---|---|---|
| semver | object |
|
false |
Datalab.spec.files[index].git.refSelection.semver
| Name | Type | Description | Required |
|---|---|---|---|
| constraints | string |
|
false |
| prereleases | object |
|
false |
Datalab.spec.files[index].git.refSelection.semver.prereleases
| Name | Type | Description | Required |
|---|---|---|---|
| identifiers | []string |
|
false |
Datalab.spec.files[index].git.secretRef
Optional credentials for the Git server.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of a Secret with auth (ssh-privatekey/knownhosts or username/password). |
false |
| namespace | string |
Namespace of the Secret. |
false |
Datalab.spec.files[index].git.verification
GPG signature verification options.
| Name | Type | Description | Required |
|---|---|---|---|
| publicKeysSecretRef | object |
|
false |
Datalab.spec.files[index].git.verification.publicKeysSecretRef
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Secret containing GPG public keys. |
false |
| namespace | string |
Namespace of the Secret. |
false |
Datalab.spec.files[index].http
HTTP source configuration for downloading an asset or archive.
| Name | Type | Description | Required |
|---|---|---|---|
| secretRef | object |
Optional basic-auth credentials for the HTTP server. |
false |
| sha256 | string |
Optional checksum for verification of the downloaded asset. |
false |
| url | string |
HTTP(S) URL to file or archive; archives are unpacked automatically. |
false |
Datalab.spec.files[index].http.secretRef
Optional basic-auth credentials for the HTTP server.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Secret containing username/password. |
false |
| namespace | string |
Namespace of the Secret. |
false |
Datalab.spec.files[index].image
Container image source configuration.
| Name | Type | Description | Required |
|---|---|---|---|
| dangerousSkipTLSVerify | boolean |
Skip TLS verification when pulling from the registry. |
false |
| secretRef | object |
Optional credentials for the image registry. |
false |
| tagSelection | object |
Optional semantic-version tag selection policy. |
false |
| url | string |
OCI image reference (e.g., ghcr.io/org/repo:tag or @sha256:...). |
false |
Datalab.spec.files[index].image.secretRef
Optional credentials for the image registry.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of a Secret containing registry credentials. |
false |
| namespace | string |
Namespace of the Secret. |
false |
Datalab.spec.files[index].image.tagSelection
Optional semantic-version tag selection policy.
| Name | Type | Description | Required |
|---|---|---|---|
| semver | object |
|
false |
Datalab.spec.files[index].image.tagSelection.semver
| Name | Type | Description | Required |
|---|---|---|---|
| constraints | string |
Semver constraint string. |
false |
| prereleases | object |
|
false |
Datalab.spec.files[index].image.tagSelection.semver.prereleases
| Name | Type | Description | Required |
|---|---|---|---|
| identifiers | []string |
|
false |
Datalab.spec.persistence
Optional settings for Datalab-owned session workspace PVCs. Provider Datalab creates a stable PVC per declared session, including stopped sessions, and mounts it as the session home workspace when the runtime is started.
| Name | Type | Description | Required |
|---|---|---|---|
| storageClassName | string |
Optional StorageClass for Datalab-owned session workspace PVCs. If EnvironmentConfig.data.storageClasses.allowed is non-empty, the requested class is used only when it is listed there; otherwise the first allowed class is used. If the allowlist is empty or omitted, any requested class is allowed. |
false |
Datalab.spec.quota
Optional per-datalab session quota overrides. If a field is not specified here, the composition falls back to EnvironmentConfig at spec.defaults.quota, and then to hard defaults. Effective defaults (when neither XR nor EnvironmentConfig provides a value): memory=2Gi, storage=1Gi, budget=medium.
| Name | Type | Description | Required |
|---|---|---|---|
| budget | enum |
Namespace budget class determining available compute resources. Accepted values correspond to the runtime budgets supported by the provider. Effective default (if not set here or in EnvironmentConfig): "medium". Enum: small, medium, large, x-large, xx-large, xxx-large |
false |
| memory | string |
Memory request for the session environment as a Kubernetes quantity (e.g., "2Gi", "512Mi"). Effective default (if not set here or in EnvironmentConfig): "2Gi". |
false |
| storage | string |
Storage size for the session as a Kubernetes quantity (e.g., "1Gi"). Effective default (if not set here or in EnvironmentConfig): "1Gi". |
false |
Datalab.spec.registry
Optional settings for the in-session Docker registry. When enabled, a registry service is added to the session applications.
| Name | Type | Description | Required |
|---|---|---|---|
| enabled | boolean |
Whether to provision the Docker registry application for this Datalab. Effective default: false. Default: false |
false |
| storage | string |
Storage size for the Docker registry data volume as a Kubernetes quantity (e.g., "5Gi", "20Gi"). Effective default: "5Gi". |
false |
Datalab.spec.security
Optional per-datalab session security settings. If a field is not specified here, the composition falls back to EnvironmentConfig at spec.defaults.security, and then to hard defaults. Effective defaults (when neither XR nor EnvironmentConfig provides a value): policy=baseline, kubernetesAccess=true, kubernetesRole=edit. When policy is "privileged", Docker is automatically enabled with 20Gi storage.
| Name | Type | Description | Required |
|---|---|---|---|
| kubernetesAccess | boolean |
Whether a Kubernetes service account token should be made available within the session. Effective default (if not set here or in EnvironmentConfig): true. |
false |
| kubernetesRole | enum |
Session namespace RBAC role. Accepted values: "admin", "edit", "view". Effective default (if not set here or in EnvironmentConfig): "edit". Enum: admin, edit, view |
false |
| policy | enum |
Pod Security Standard policy level. Accepted values: "restricted", "baseline", "privileged". Effective default (if not set here or in EnvironmentConfig): "baseline". Enum: restricted, baseline, privileged |
false |
Datalab.spec.sessions[index]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Session name. |
true |
| state | enum |
Desired runtime lifecycle for this session. Started sessions create an active runtime session. Stopped sessions keep their Datalab-owned workspace PVC but do not create a runtime.
Enum: started, stopped Default: started |
false |
Datalab.spec.userOverrides[key]
| Name | Type | Description | Required |
|---|---|---|---|
| grantedAt | string |
RFC3339 timestamp indicating when the role became active.
Format: date-time |
false |
| role | enum |
Assigned role for the user. Enum: admin, user |
false |
Datalab.spec.vectorStores[key]
| Name | Type | Description | Required |
|---|---|---|---|
| storage | string |
Storage size for Qdrant persistent data volume as a Kubernetes quantity (e.g., "1Gi", "10Gi"). Effective default: "1Gi". |
true |
Datalab.status
Current observed state of the datalab.
| Name | Type | Description | Required |
|---|---|---|---|
| sessions | map[string]object |
Map of session IDs and their lifecycle state and runtime details. |
false |
Datalab.status.sessions[key]
Observed state of a single datalab session.
| Name | Type | Description | Required |
|---|---|---|---|
| message | string |
Latest observed status message for the session runtime. |
false |
| phase | string |
Latest observed lifecycle phase for the session runtime. |
false |
| state | enum |
Desired lifecycle state for the declared session. Enum: started, stopped |
false |
| url | string |
Public URL of the active session. |
false |